Vulnerability

    Tiny Sheet

Affected

    Tiny Sheet

Description

    Paulo  Cesar  Breim  found  following.   The  software Tiny Sheet,
    present  in  all  versions  of  Palm  Pilot, has a function called
    IMPORT file.  Well when this function is use ALL FILES,  including
    the hidden  files protetex  with password,  can be  imported to  a
    Sheet.

    The "private" flag in PalmOS is advisory only.  As has been  noted
    in  previous  discussions  (most  notably  L0pht/@stake's   PalmOS
    password recovery  discovery), the  Palm platform  is not designed
    to be secure.  Physical access  means access to all its data.   So
    there's not much new about Tiny Sheet apparently not following the
    guidelines.   It's  just  another  example  of  the limitations in
    PalmOS.

Solution

    The Palm's password protection stops people that roam around  your
    notes with physical posession of your palm but not the ability  to
    install Apps.  No more, no less.